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DETAILED ACTION 



I. 



Claim 17 has been added. 



II. 



Claims 1-17 have been examined. 



III. 



Responses to Applicant's remarks have been given. 



Response to Arguments 



1 . Applicant's arguments, see page 7, filed 01/06/1 1 , with respect to the objection to 
claim 7 have been fully considered and are persuasive. The objection of claim 7 has 
been withdrawn. 

2. Further, the 35 U.S.C. 112, second paragraph rejection of claim 1 1 is also hereby 
withdrawn due to the Applicant's amendment to said claim. 

3. Applicant's arguments filed 01/06/1 1 have been fully considered but they are not 
persuasive. With respect to the Applicant's arguments pertaining to claim 1 , the 
Examiner upholds that Bischof teaches the Applicant's claimed invention, as cited 
below. 

4. With regards to the claim language of "having the system store an entire set of 
references which the program obtains means considered as licit, said program 
comprising code from a single Java Card package", the Examiner upholds that within, 
but not limited to, column 6, lines 1 3-24, Bischof discloses this via "The binder then 
includes the appropriate code, according to the symbolic references, and substitutes the 
symbolic references with an appropriate object reference. This object reference then 
points to the beginning of the location where the method resides. The Java 
environment uses a lazy binding approach." Also, the "Java library" within column 9, 
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lines 44-62 provides sufficient support: "provides protection of system classes that 
reside in the Java library. An object reference received from the name resolution 
process is a pointer to the corresponding piece of code, which actually points to the 
beginning of a method description." 

Claim Rejections - 35 USC § 102 

(b) the invention was patented or described in a printed publication in tliis or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

Claims 1-4, 9-14 and 17 are rejected under 35 U.S.C. 102(b) as being 
anticipated by United States Patent No. 6,658,573 to Bischof et al., hereinafter Bischof. 

5. On page 4 of the Applicant's Specification, with regards to the terms "licit" and 
"illicit", it is stated that "the actual definition of what is a licit or illicit reference depends 
on the system, on the programming language and possibly on the context". Thus the 
claim language is open to a broad interpretation and is disclosed via the citations of the 
prior art below. 

6. Regarding claim 1 , Bischof teaches a method for controlling access to data 
handled by references in a system for executing programs, said programs including 
processes and tasks, wherein upon executing a program, the method comprises the 
following steps: 

having the system store an entire set of references which the program obtains by 

means considered as licit, said program comprising code from a single Java Card 
package (column 6, lines 13-24 and 44-62, column 9, lines 39-54, "Java library", column 
1 2, lines 52-63 and column 1 3, lines 41 -54). 
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before any operation intended to be forbidden in case said operation deals with values 
which are not licit references, having the system check that said values are among the 
licit references which have been stored for this program, and accepting the operation, 
responsive to said step of checking, when said checking determines said values are 
among the licit references, and rejecting the operation responsive to said step of 
checking, when said checking determines said values are not among the licit references 
(column 7, lines 36-67, "reject the invocation", "assign and/or check rights to the caller 
entity"). 

7. Regarding claim 2, Bischof teaches wherein the references are pointers (column 
1 3, lines 6-25 and 41 -54 and column 14, lines 46-59). 

8. Regarding claim 3, Bischof teaches wherein the licit means for a program in 
order to obtain reference values comprise at least one of the following operations: 

reading a variable or a datum belonging to the system or to another program, writing 
into a variable or datum of said program by the system or by another program, receiving 
arguments upon calling a routine of said program by the system or by another program, 
utilization of the return value from the call by said program of a routine belonging to the 
system or to another program, having said program catch up a raised exception during 
execution of a routine belonging to the system or to another program, receiving by said 
program an interruption or a valuated signal (column 5, lines 61 -67, column 6, lines 1 -3 
and 25-31 and column 7, lines 3-15). 
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9. Regarding claim 4, Bischof teaches wherein the system comprises a mechanism 
which determines whether a given value is a valid reference (column 7, lines 30-57, "If 
the guard object indicates no error, execution continues as usual"). 

1 0. Regarding claim 9, Bischof teaches wherein the whole of the licit stored 
references is represented by a table (column 13, lines 6-25). 

1 1 . Regarding claim 1 0, Bischof teaches wherein the set of the licit stored references 
is emptied, by means of a conservative garbage collector, of references which have 
become inactive (column 15, lines 4-1 1 and column 16, lines 1-9, "the garbage 
collection is responsible for removing obsolete objects and freeing up the memory"). 

1 2. Regarding claim 1 1 , Bischof teaches wherein: the references are represented in 
the system by handles and tables of pointers, the sets of licit stored references are 
represented by vectors of bits associated with some of the tables of pointers, where a 
bit has a given index which represents the presence or the absence of the 
corresponding reference in said sets, said vectors of bits are represented by means of a 
sequence of indexes or lengths corresponding to the extents of bits positioned in the 
same way (column 1 3, lines 6-25 and 41 -54 and column 1 4, lines 46-59). 

1 3. Regarding claim 1 2, Bischof teaches wherein the references are handles 
(column 14, lines 38-59, "a pointer to the appropriate guard dispatch table is assigned to 
the executing thread"). 

[According to page 3 of the Applicant's Specification, "A handle is an index 
in a table of pointers (and more generally in a table of references). The 
values of pointers and handles also sometimes include specific bits which 
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give information on tlie datum (for example on tfie referenced memory 
area or on the information tfierein) or, in tfie case of liandles, on tine 
associated table." Thus, the claimed "handles" are interpreted by the 
Examiner to pertain to Bischof s disclosure of a "guard dispatch table" and 
the associations related therein.] 

1 4. Regarding claim 1 3, Bischof teaches wherein the stored licit references are 
limited to the sole references on data considered as sensitive for the system (column 6, 
lines 13-24 and 44-62, column 9, lines 55-67). 

1 5. Regarding claim 1 4, Bischof teaches wherein said checks check that the values 
are among the sensitive licit references which were stored for this program or else 
which are references determined as valid and dealing with data which are not sensitive 
(column 7, lines 36-67, "reject the invocation", "assign and/or check rights to the caller 
entity" and "perform a notification and/or auditing service"). 

1 6. (New) Regarding claim 1 7, Bischof teaches wherein some of said tables are 
reserved for licit references (column 14, lines 46-59). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham \/. John Deere Co., 383 U.S. 1 , 148 

USPQ 459 (1966), that are applied for establishing a background for determining 

obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the phor art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

1 7. Claims 5 and 6 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Bischof and further in view of United States Patent No. 7,127,605 to Montgomery et al., 
hereinafter Montgomery. 

1 8. Bischof teaches the claimed invention, as cited within independent claim 1 . 
However, Bischof does not teach the claim features of dependent claims 5 and 6 
pertaining to the functionality of the firewall. Montgomery teaches said features, as 
cited below. 

1 9. Regarding claim 5, Montgomery teaches wherein the system comprises a firewall 
which forbids certain operations by certain programs on certain referenced data, data 
considered as being sensitive for the system being those for which the operations are 
not forbidden by the firewall (column 3, lines 43-62, "the 810 206 still cannot access 216 
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methods in the client applet 100; such access is still prevented by the firewall 106" and 
column 4, lines 21-66, "server applet 102 is still prohibited from accessing 310 the client 
applet 100 due to firewall 106"). 

20. Regarding claim 6, Montgomery teaches wherein the firewall forbids certain 
operations by a program on data belonging to other programs, except on those declared 
as shareable (column 3, lines 43-62, "the SIO 206 still cannot access 216 methods in 
the client applet 100; such access is still prevented by the firewall 106" and column 4, 
lines 21-66, "server applet 102 is still prohibited from accessing 310 the client applet 
100 due to firewall 106"). 

21 . The motivation to combine would be to have "the applications being able to share 
methods in a secure manner using delegates to enforce the security policy that each 
application wishes to impose with regard to each method shared" {Montgomery - 

column 2, lines 47-54). 

22. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Montgomery with the 
teachings of Bischof so that "the client applet 100 and the server applet 102 may freely 
communicate with the JCRE 1 08, but the client applet 100 is prevented from referencing 
1 10 the server applet 102 by the firewall 106 to ensure security" {Montgomery- column 
3, lines 38-42). 

23. Claims 7, 8 and 1 5 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Bischof and Montgomery, and further in view of United States Patent No. 
7,140,549 to de Jong, hereinafter de Jong. 
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24. Though Bischof teaches the claimed invention as cited within independent claim 
1 , it does not teach the claimed features within claims 7 and 8 pertaining to 
"Javacard.framework.Shareable". Montgomery and de Jong teach said features, as 
cited below. 

25. Regarding claim 7, Montgomery teaches wherein the system is based on a Java 
Card virtual machine and wherein: 

the data declared as shareable and therefore sensitive, are objects which are instances 
of classes which implement the "Javacard.framework.Shareable" interface (Figures 1 - 
2d, 3a and 3b, column 3, lines 31-60 and column 6, lines 32-62, 
"JCSystem.getAppletSharablelnterfaceObject"). 

26. Further, for claim 7, Montgomery teaches some of the claimed features, as cited 
above but does not teach the features pertaining to "a program consists of the whole of 
the code which is found in a 'Java Card package'; the firewall is that of the Java Card 
Runtime Environment (JCRE)". Thus, de Jong is cited to teach these claimed features. 

27. Regarding claim 7, de Jong teaches a program consists of the whole of the code 
which is found in a "Java Card package"; the firewall is that of the Java Card Runtime 
Environment (JCRE) (Figure 3 and column 8, lines 21-31 and 38-49). 

28. The motivation to combine would be " for having two or more applets within a 
single firewall is where one applet manages the code and classes of the other 
applications(s) that are within the same firewall" {de Jong - column 8, lines 26-29). 

29. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of de Jong with the teachings 
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of Montgomery and Bischof due to "it is clearly Important to determine tlie correct 
firewall for the applet, so that the applet Is Installed Into the proper location" {de Jong- 
column 8, lines 46-49). 

30. Regarding claim 8, Montgomery teaches wherein the system stores In sets of 
sensitive licit references associated with a package all the references which appear in 
the following cases: receiving arguments of "Javacard.framework.Shareable" type when 
a method of said package Is called by another package or by the system, 
"Javacard.framework.Shareable" type return value when said package calls a method 
from another package or from the system (Including the a 
"getAppletSharreablelnterfaceObject" method of "Javacard.framework.JCSystem 
package"), reading a public static field of "Javacard.framework.Shareable" type In 
another package or In the system, catching up an Instance object of a class from 
(inheriting from) "java.lang.Throwable" and implementing 

"Javacard.framework.Shareable" (Figures 1-2d, 3a and 3b, column 3, lines 31-60 and 
column 6, lines 32-62, "JCSystem.getAppletSharablelnterfaceObject"). 

31 . The motivation to combine would be to have a repository containing the means 
for accessing the desired software application/program. 

32. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to Incorporate the teachings of Montgomery with Bischof 
so that "Instead of granting a client application access to an Interface of the server 
application, the client Is given access to a delegate object. The delegate object controls 
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access to the shared methods of the server application by enforcing a security policy, 
using security mechanisms" {Montgomery- column 4, lines 7-11). 

33. Bischof teaches the claimed invention, as cited within independent claim 1 but 
does not teach the claimed features within dependent claim 15 pertaining to the types of 
objects within the system. Montgomery teaches said features, as cited below. 

34. Regarding claim 1 5, Montgomery teaches wherein the data declared as 
shareable and therefore sensitive, are objects with public use of the system: global 
arrays and Entry Point Objects of JCRE (column 3, lines 43-60, "the server applet 102 
responds by returning 208 to the JCRE 108 a reference to a shareable interface object 
(SIO) 206 if access Is granted to the client, or null if access is not granted"). 

35. The motivation to combine would be to have "the applications being able to share 
methods in a secure manner using delegates to enforce the security policy that each 
application wishes to impose with regard to each method shared" {Montgomery - 
column 2, lines 47-54). 

36. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Montgomery with the 
teachings of Bischof so that "the client applet 100 and the server applet 102 may freely 
communicate with the JCRE 1 08, but the client applet 100 is prevented from referencing 
1 10 the server applet 102 by the firewall 106 to ensure security" {Montgomery- column 
3, lines 38-42). 
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37. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bischof 
as applied to claim 1 1 above, and further in view of United States Patent No. 7,140,549 
to de Jong, hereinafter de Jong. 

38. With regards to claim 16, though Bischof teaches the claimed invention, as cited 
above, Bischof does not teach the claim language found within claim 16 pertaining to 
"said vectors of bits are hollow", de Jong teaches said claim language, as cited below. 

39. Regarding claim 1 6, de Jong teaches wherein said vectors of bits are hollow 
(column 17, lines 26-34, "the appropriate number of null bytes"). 

40. The motivation to combine would be that in the event that "most of the bytes in 
the AID parameter passed from the terminal to the card are zero, they can be truncated 
to fit the parameter into the AID byte array" {de Jong - column 17, lines 40-43). 

41 . Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of de Jong with the teachings 
of Bischof in order that objects "are only instantiated if particularly required, thereby 
saving storage on the card" {de Jong - column 1 1 , lines 26-29). 

Conclusion 

42. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

43. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
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TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

44. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

45. The following United States Patents and Patent Application Publications are 
further cited to show the state of the art with respect to data access, such as: 

United States Patent Application Publication No. US 2003/0120593 to Bansal et 
al., which is cited to show a method and system for delivering multiple services 

electronically to customers via a centralized portal. 

United States Patent Application Publication No. US 2005/0044197 to Lai, which 
is cited to show a structured methodology and design patterns for web services. 
United States Patent No. 6,633,984 to Susser et al., which is cited to show 
techniques for permitting access across a context barrier on a small footprint 
device using an entry point object. 

United States Patent No. 6,151 ,688 to Wipfel et al., which is cited to show 
resource management in a clustered computer system. 
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United States Patent No. 7,1 17,284 to Watt et al., which is cited to show vectored 
interrupt control within a system having a secure domain and a non-secure 
domain. 

United States Patent No. 7,149,862 to Tune et a!., which is cited to show access 
control in a data processing apparatus. 

United States Patent No. 7,171 ,539 to Mansell et al., which is cited to show an 

apparatus and method for controlling access to a memory. 

United States Patent No. 7,305,534 to Watt et al., which is cited to show control 

of access to a memory by a device. 

United States Patent No. 6,807,636 to Hartman et al., which is cited to show 
methods and apparatus for facilitating security in a network. 
United States Patent No. 6,560,774 to Gordon et al., which is cited to show a 
verifier to check intermediate language. 

46. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEREMIAH AVERY whose telephone number is 
(571)272-8627. The examiner can normally be reached on Monday thru Friday 8:30am- 
5pm. 

47. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Korzuch can be reached on (571) 272-7589. The fax phone number 
for the organization where this application or proceeding is assigned is 571 -273-8300. 

48. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
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published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Jeremiah Avery/ 
Examiner, Art Unit 2431 

/Kaveh Abrishamkar/ 

Primary Examiner, Art Unit 2431 



